[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13667 [Tor]: Prevent port scanning of hidden services

Subject: Re: [tor-bugs] #13667 [Tor]: Prevent port scanning of hidden services
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 18 Nov 2014 04:26:13 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 17 Nov 2014 23:26:20 -0500
In-reply-to: <044.633990205f1f6cb5eab5ae86d37d071f@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.633990205f1f6cb5eab5ae86d37d071f@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13667: Prevent port scanning of hidden services
------------------------+------------------------------------------
     Reporter:  arma    |      Owner:
         Type:  defect  |     Status:  new
     Priority:  major   |  Milestone:  Tor: 0.2.6.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  SponsorR tor-hs 025-backport
Actual Points:          |  Parent ID:
       Points:          |
------------------------+------------------------------------------

Comment (by arma):

 '1' doesn't make me very satisfied. It means that if there is a port
 that's open, you can keep asking and you'll find it. That sounds like the
 same situation as now.

 '2' indeed doesn't hide whether the port worked, but it sure slows down
 scanning. Can we argue that it slows down scanning enough to make it
 basically useless on a large scale? (A downside is that if somebody *does*
 decide to scan anyway, they'll sure be putting a lot of pain on the
 network.)

 Does '4', for a low number, basically approximate one of the earlier
 options? E.g. we'd have to also include configured but actually down
 services, or you could just ask for the same one k times in a row and if
 it hangs up then you know it was the 'defense'.

 Are there arguments against '2' other than 'it's not a complete solution'?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13667#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #13667 [Tor]: Prevent port scanning of hidden services
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #13439 [Tor Browser]: Inspector raises the canvas prompt when hovering over images
Next by Author: Re: [tor-bugs] #13671 [Tor Browser]: Circuit display is broken if bridges are being used.
Previous by thread: Re: [tor-bugs] #13667 [Tor]: Prevent port scanning of hidden services
Next by thread: Re: [tor-bugs] #13667 [Tor]: Prevent port scanning of hidden services
Index(es):
- Author
- Thread